Overview

overview

10

Static

static

3

aea6835e1d...e7.exe

windows7-x64

10

aea6835e1d...e7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aea6835e1d8c9e5ba9c92e9e71d692c6777531fdfaaee0bbcd53d5e36eb2b8e7.exe

  • Size

    1.8MB

  • Sample

    231127-t555zshh41

  • MD5

    416cabd8d6419b8509ed3311426277a6

  • SHA1

    57b68abda0b9ecce8281cf109c3f631aa0799f6b

  • SHA256

    aea6835e1d8c9e5ba9c92e9e71d692c6777531fdfaaee0bbcd53d5e36eb2b8e7

  • SHA512

    bb5840a63c3e0b1915092197848b4dd65dcb64f537d191708115f100f700feafbd760a69b5a1b6fc23e140b85bdd47a691205c15b34105cee4bed0b13d28bb4e

  • SSDEEP

    49152:bee0SeGwcSGQfOvlzgzRlyYFT9xZdmPSw:blMGNQfywXFJQ

Score
10/10
modiloaderpersistencetrojan

Malware Config

Targets

    • Target

      aea6835e1d8c9e5ba9c92e9e71d692c6777531fdfaaee0bbcd53d5e36eb2b8e7.exe

    • Size

      1.8MB

    • MD5

      416cabd8d6419b8509ed3311426277a6

    • SHA1

      57b68abda0b9ecce8281cf109c3f631aa0799f6b

    • SHA256

      aea6835e1d8c9e5ba9c92e9e71d692c6777531fdfaaee0bbcd53d5e36eb2b8e7

    • SHA512

      bb5840a63c3e0b1915092197848b4dd65dcb64f537d191708115f100f700feafbd760a69b5a1b6fc23e140b85bdd47a691205c15b34105cee4bed0b13d28bb4e

    • SSDEEP

      49152:bee0SeGwcSGQfOvlzgzRlyYFT9xZdmPSw:blMGNQfywXFJQ

    Score
    10/10
    modiloadertrojanpersistence

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks